First published: Tue Jul 07 2020(Updated: )
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.
Credit: vultures@jpcert.or.jp
Affected Software | Affected Version | How to fix |
---|---|---|
Mitsubishielectric Coreos | <=y | |
Mitsubishielectric Got2000 Gt23 | ||
Mitsubishielectric Got2000 Gt25 | ||
Mitsubishielectric Got2000 Gt27 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-5598 is an improper access control vulnerability in the TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model).
CVE-2020-5598 has a severity rating of 7.5 (high).
The affected software versions are CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model of Mitsubishi Electric GOT2000 series.
This vulnerability can be exploited by a remote attacker to bypass access restrictions and disrupt the operation of the affected devices.
Yes, Mitsubishi Electric has released a patch to address this vulnerability. Refer to their advisory for more information.